Tag: Security

A new commit in the Android Open Source Project (AOSP) repository suggests that facial authentication is coming to Android as a system level API.  It could mean that from system point of view, Android P could well allow for facial authentication on devices, assuming of course that the hardware to do so is built into the device.

Currently, for manufactures to support facial authentication (like OnePlus for example), they have to build their own app and leverage existing APIs, mostly around the fingerprint authentication.  That works, obviously, but it isn’t as optimized as it could be and it is dependent upon OEMs to build the supporting software & hardware to make it happen.  This commit would more-or-less standardize things for Android.

It appears that once again Apple is upping device security with the upcoming release of iOS 11.4.  In a new report on Elcomsoft indicates that when the new build of iOS rolls out, it will come with a Lightening Connection lockdown that requires the device to unlocked or the password/fingerprint to be entered every seven days.  The feature is meant to prevent tethering a device to a PC or Mac and brute force cracking the device to gain access.

The feature first appeared in iOS 11.3 but was dropped during the beta testing.  It reappeared in 11.4 and, to this point, has pretty much gone unnoticed until now.  What this means is after 7 days, if the device hasn’t been unlocked either with biometrics or a password, the Lightening connector becomes a charging port only.  No data is transmitted to or from the device by the connected laptop.

Google has announced that physical USB security key support is coming to all version of G Suite over the next few weeks.  Support of security keys, to this point, has been limited to Enterprise level customers.  That is changing as all variants of the service will be gaining support.

Security Keys are a physical USB key that you plug into a device that gives you access to it.  It is perhaps the ultimate in 2-Factor authentication.  Yubico is perhaps the most well known of these types of keys and they are readily available at low cost.

There is a new, optional security update for Chrome OS that fixes a vulnerability with the Trusted Platform Module (TPM) in the majority of Chromebooks.  To apply the update however, you will need to Powerwash your device.

The vulnerability has to do with hackers potentially being able to brute force the RSA keys generated by your TPM.  This, in theory, could give the the opportunity to plant malicious code on your device or take it over.  For those not familiar, a Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. It essentially makes sure that the hardware and software on your device are secure and encrypted and what has access to the keys generated by it.  Thus, you see the problem.  If the TPM gets compromised, it can lead to a lot of issues for end users.

Twitter has finally begun allowing users to use 3rd party two factor authentication apps to verify their identity.  The new feature is rolling out to users accounts online and you can now select the default SMS authentication or a 3rd party authentication tool.

In April, the social micro blogging site rolled out SMS authentication that allowed users to have an authentication code texted to them when they were logging into their account.  That is still enabled by default but you now have the option to use a 3rd party app like Google Authenticator to verify your identity.   The feature requires that you log into your Twitter account online, then go to Settings & Privacy in your account settings.  There you can setup an authentication app.

Samsung has begun rolling out the May 2017 Android Security update for the venerable Galaxy Note 4 and Note 4 Edge.  The update doesn’t contain any new features for the 2014 devices but will bring them up to the latest security patch for those still using it.  Both phones are running Android Marshmallow and it is highly unlikely they will ever see Nougat despite their extended support after the Note7 debacle.

The update weighs in at 345MB and it is recommended that you download the OTA update via Wi-Fi.  Once you have it downloaded, the install process will take about 10 minutes to complete and will require a reboot of the device.